05/15/2024 10:41 AM - edited 05/16/2024 04:46 AM
Hi Team,
Problem Statement: Create a new AD account with a random password, to be sent to the user's manager, as per the password policy.
We are not able to generate an Active Directory random password as we are getting the error below:
Relevant Logs:
"2024-05-15T15:15:38.610+00:00","ecm-worker","ldap.SaviyntGroovyLdapService","quartzScheduler_Worker-8-87g5j","ERROR","Error while creating account in AD - [LDAP: error code 53 - 0000052D: SvcErr: DSID-031A124C, problem 5003 (WILL_NOT_PERFORM), data 0"
"2024-05-15T15:15:38.676+00:00","ecm-worker","","null-87g5j",""," ]"
"2024-05-15T15:15:38.676+00:00","ecm-worker","","null-87g5j","","javax.naming.OperationNotSupportedException: [LDAP: error code 53 - 0000052D: SvcErr: DSID-031A124C, problem 5003 (WILL_NOT_PERFORM), data 0"
Password policy: minimum length 15 characters
Connection Configuration:
SETRANDOMPASSWORD: TRUE
CREATEACCOUNTJSON:
{
"accountExpires": "0",
"objectClass": [
"top",
"person",
"organizationalPerson",
"user"
],
"pwdLastSet": "0",
"manager": "${managerAccount==null?'':managerAccount.accountID}",
"displayname": "${user.firstname} ${user.lastname}",
"givenName": "${user.firstname}",
"department": "${user.departmentname}",
"sn": "${user.lastname}",
"userPrincipalName": "${user.email}",
"sAMAccountName": "${user.username}",
"mail": "${user.email}",
"Description": "${user.jobcodedesc}",
"employeeID": "${user.employeeid}",
"initials": "${user.middlename}",
"l": "${user.city}",
"physicalDeliveryOfficeName": "${user.location}",
"PostalCode": "${user.regioncode}",
"st": "${user.state}",
"Title": "${user.title}",
"UnicodePwd": "Welcome@1234567",
"userAccountControl": "512"
}
Things Tried:
| Password Attribute | Value | userAccountControl | Result |
| --- | --- | --- | --- |
| "UnicodePwd" | "Welcome@1234567" | 512/544 | Worked |
| "UnicodePwd" | "${randompassword}" | 512/544 | Did not work |
| "UnicodePwd" | "${randomPassword}" | 512/544 | Did not work |
| "userPassword" | "${randomPassword}" | 512/544 | Did not work |
| "userPassword" | "Welcome@1234567" | 512/544 | Did not work |
Password Policy has been defined in the Policy Rule in the Security System:
| Attribute Name | Attribute Value |
| --- | --- |
| Policy Name | AOBApplicationPasswordPolicy |
| Policy Description | Password Policy for Active Directory Application |
| Policy Scope | APPLICATION |
| Minimum Numeric Characters | 1 |
| Minimum Special Characters | 1 |
| Minimum Alphanumeric Characters | 1 |
| Minimum Alphabet Characters | 1 |
| Minimum Uppercase Characters | 1 |
| Minimum Lowercase Characters | 1 |
| Disallow Last Passwords | 5 |
| Use Blacklist Dictionary | NO |
| Regex Description | Password did not match as per Regex |
| Minimum Length | 15 |
| Expire After (Days) | 360 |
Please let us know what needs to be done here, as we are stuck generating a random password for AD account creation.
Regards,
Saksham
05/15/2024 04:29 PM
For creating an account with a password, the connection should be LDAPS, not LDAP (389).
05/15/2024 10:50 PM
Hi @rushikeshvartak ,
Thanks for your reply. We are using LDAPS on 636, not LDAP on 389.
Regards,
Saksham
05/16/2024 08:28 PM
Ensure that the generated password complies with AD's password policies, which include:
Your current policy seems comprehensive, but ensure the random password generation logic meets these requirements.
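The following is an added example, not code from the original post or from Saviynt, illustrating the two checks a practitioner would run before blaming the connector: decode the Win32 code embedded in the AD diagnostic string from the first post (`0000052D` is hex 0x52D = 1325, ERROR_PASSWORD_RESTRICTION, i.e. the DC rejected the password value itself), and verify that a candidate password satisfies the policy listed in the post (minimum length 15, at least one upper, lower, digit and special character) before it is written to `unicodePwd`, which AD expects as the quoted password encoded in UTF-16LE over an encrypted connection. The special-character set, the optional check that the password does not contain the account name (the default Windows complexity rule), and the sample log line are assumptions or constructed from the thread; the Saviynt `${randomPassword}` placeholder is not reproduced here.

```python
import re
import secrets
import string
from typing import List, Optional, Tuple

# Character classes for the policy in the original post. The special set is an
# assumption (the post does not list one); quotes and backslash are excluded so the
# value survives the unicodePwd quoting below and any JSON escaping in the connector.
UPPER = string.ascii_uppercase
LOWER = string.ascii_lowercase
DIGITS = string.digits
SPECIAL = "!#$%&()*+,-./:;<=>?@[]^_{|}~"
MIN_LENGTH = 15

# Win32 error codes that AD embeds in LDAP diagnostic messages (hex, before "SvcErr"/"SecErr").
WIN32_ERRORS = {
    0x005: "ERROR_ACCESS_DENIED",
    0x525: "ERROR_NO_SUCH_USER",
    0x52D: "ERROR_PASSWORD_RESTRICTION",
    0x52E: "ERROR_LOGON_FAILURE",
    0x52F: "ERROR_ACCOUNT_RESTRICTION",
    0x532: "ERROR_PASSWORD_EXPIRED",
    0x533: "ERROR_ACCOUNT_DISABLED",
    0x701: "ERROR_ACCOUNT_EXPIRED",
    0x773: "ERROR_PASSWORD_MUST_CHANGE",
    0x775: "ERROR_ACCOUNT_LOCKED_OUT",
}

# Constructed from the log line in the original post.
SAMPLE_LOG = ('"2024-05-15T15:15:38.610+00:00","ecm-worker","ldap.SaviyntGroovyLdapService",'
              '"quartzScheduler_Worker-8-87g5j","ERROR","Error while creating account in AD - '
              '[LDAP: error code 53 - 0000052D: SvcErr: DSID-031A124C, problem 5003 (WILL_NOT_PERFORM), data 0"')


def decode_ad_error(message: str) -> Optional[Tuple[int, str]]:
    """Extract the 8-hex-digit Win32 code from an AD LDAP diagnostic and name it."""
    m = re.search(r"\b([0-9A-Fa-f]{8}):\s*(?:SvcErr|SecErr|AcceptSecurityContext)", message)
    if not m:
        return None
    code = int(m.group(1), 16)
    return code, WIN32_ERRORS.get(code, "UNKNOWN")


def check_policy(pw: str, min_length: int = MIN_LENGTH,
                 forbidden_tokens: Tuple[str, ...] = ()) -> List[str]:
    """Return the policy rules the password violates; an empty list means it complies.

    forbidden_tokens models the AD complexity rule that the password may not contain
    the sAMAccountName or display-name tokens longer than two characters (case-insensitive).
    """
    problems = []
    if len(pw) < min_length:
        problems.append(f"length {len(pw)} < {min_length}")
    if not any(c in UPPER for c in pw):
        problems.append("no uppercase")
    if not any(c in LOWER for c in pw):
        problems.append("no lowercase")
    if not any(c in DIGITS for c in pw):
        problems.append("no digit")
    if not any(c in SPECIAL for c in pw):
        problems.append("no special")
    low = pw.lower()
    for tok in forbidden_tokens:
        if len(tok) > 2 and tok.lower() in low:
            problems.append(f"contains '{tok}'")
    return problems


def generate_password(length: int = MIN_LENGTH) -> str:
    """Generate a password from a CSPRNG that always satisfies check_policy()."""
    if length < 4:
        raise ValueError("length must be at least 4 to hold one char per class")
    chars = [secrets.choice(UPPER), secrets.choice(LOWER),
             secrets.choice(DIGITS), secrets.choice(SPECIAL)]
    alphabet = UPPER + LOWER + DIGITS + SPECIAL
    chars += [secrets.choice(alphabet) for _ in range(length - 4)]
    secrets.SystemRandom().shuffle(chars)  # so the first four positions are not predictable
    return "".join(chars)


def encode_unicode_pwd(pw: str) -> bytes:
    """AD requires unicodePwd to be the password wrapped in double quotes, UTF-16LE encoded."""
    return f'"{pw}"'.encode("utf-16-le")


if __name__ == "__main__":
    print(decode_ad_error(SAMPLE_LOG))
    pw = generate_password()
    print(pw, check_policy(pw, forbidden_tokens=("saksham",)))
    print(encode_unicode_pwd(pw)[:8])
```

Run `check_policy()` on a few values produced by the connector's random-password placeholder (log them at debug level, never at info) to see which rule the DC is enforcing; the static value "Welcome@1234567" passes every rule above, which is consistent with it being accepted in the thread's table while the generated one was not.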